Use self-signed certificates with Mail
Authored by: Xris on Oct 10, '08 09:24:31AM

For all of those who are trying to use "self-signed" certificates...

I also tried in vain to get my self-signed certificates to work with Mail. I created and re-created them in the certificate assistant over and over, selecting all/none options, trying to get them to work.
I ended up thinking that maybe one would have to set some com.defaults thing to get Mail to recognize/allow their use.

FINALLY, after reading a comment about adding the certificate to the X.509 anchors list AND a post in another blog about something similar... got mine working.

The process is the following:

Create a self-signed certificate with the Certificate Assistant. Remember to select the "Key Usage Extension" as "This extension is critical". Also make sure you select at least the "Signature", "Key Encipherment" and "Data Encipherment" options.

When all done, open Keychain Access, go to the login keychain, select the Certificates category, select your certificate and export it (File->Export).
Make sure you select "Certificate (.cer)" file type.
I save it to my Desktop.
Double-click on the certificate file.
A dialog will appear asking you if you want to add the certificate to your keychain.
There is a pop-up menu where you can select WHICH keychain to add it to. The default is "login". CHANGE it to "X.509Anchors".
You will have to authenticate yourself as an administrator.

Now your "self-signed" certificate is part of the "trusted" (completely, apparently) certificates AND can be used to sign and encrypt your mail messages.

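The Key Usage settings named in the comment above can be checked from the command line before a certificate is added to a trust list. This is an added example, not part of the original comment; it assumes the `openssl` command-line tool is installed, and the function names, file names and subject CN are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original comment). Function names, file
# names and the subject CN are constructed for illustration.

# make_test_cert DIR [KEYUSAGE]: write a throwaway self-signed certificate
# to DIR/cert.pem. KEYUSAGE defaults to the settings named in the comment.
make_test_cert() {
    cat > "$1/req.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = ext
[dn]
CN = Constructed Test Certificate
[ext]
keyUsage = ${2:-critical, digitalSignature, keyEncipherment, dataEncipherment}
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/req.cnf" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# check_key_usage FILE [PEM|DER]: succeed only if Key Usage is marked
# critical and lists all three usages. A .cer exported from Keychain
# Access is typically DER-encoded (assumption), so pass DER for such a file.
check_key_usage() {
    ku=$(openssl x509 -in "$1" -inform "${2:-PEM}" -noout -text 2>/dev/null |
         grep -A1 'X509v3 Key Usage') || return 1
    echo "$ku" | grep -q 'Key Usage: critical' || return 1
    for usage in 'Digital Signature' 'Key Encipherment' 'Data Encipherment'; do
        echo "$ku" | grep -q "$usage" || return 1
    done
    return 0
}

# Stand-alone use: sh check.sh exported.cer DER
if [ $# -ge 1 ]; then
    if check_key_usage "$@"; then
        echo "Key Usage is critical and covers signing and encipherment"
    else
        echo "Key Usage is missing, not critical, or incomplete"
        exit 1
    fi
fi
```

Running the check on the exported `.cer` file before double-clicking it confirms that the file about to be trusted carries the intended extension and is the certificate you meant to export.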